The IT director of a nonprofit organ procurement center for more than 200 hospitals in Texas was sentenced last week to two years in prison for intentionally deleting numerous organ donation records and other data after being fired from her job.
Danielle Duann, 51 was also sentenced to three years of supervised release upon completion of her term and ordered to pay more thanb US$94,000 in restitution to her former employer, LifeGift Organ Donation Center. Duann in April had pleaded guilty to one count of unauthorized access to a protected computer.
Court documents filed in connection with the case describe what's becoming an increasingly familiar tale of companies victimized by insiders.
Duann was hired by LifeGift in 2003 and put in charge of overseeing the company's entire IT infrastructure and fired in November 2005 for reasons not specified in court documents. At the time of her termination, Duann was informed in writing that all her access rights had been revoked. The company also took steps to lock all administrator accounts to which Duann was known to have access.
Despite such steps, Duann still managed to access LifeGift's network from her home on the same evening she was fired, via a VPN account that she appears to have previously set up without anyone's knowledge.
Once inside the network, Duann used an administrator account belonging to another LifeGift employee to log into several servers, including the company's organ donor database server and main accounting server, multiple times. Over the next several hours, she then deleted donor records, accounting invoice files, database and software applications, backup files and the software tokens needed to run some applications.
In a bid to cover her tracks, Duann manually deleted all logs of her VPN sessions with the company's network. She also disabled the activity logging functions on the database and accounting servers -- making it impossible for LifeGift to identity all of the individual files and applications she deleted, the court documents said.
Duann's sabotage, however, was discovered the next morning by an employee of a network services company that had just been hired by LifeGift to provide backup and disaster recovery services for the non-profit. The employee noticed someone deleting files in real-time from a VPN connection, which he quickly terminated. The VPN connection logs and IP address was later traced back to Duann's home Internet connection. A subsequent search of Duann's home and computer systems by the FBI uncovered more evidence that linked her to the sabotage.
Like countless similar incidents, this one highlights the challenges that companies face when it comes to protecting data and systems from malicious insiders. In this case, the sabotage occurred even though LifeGift appears to have taken most of the measures that security experts recommend when employees leave the company or are fired.
For instance, the company immediately revoked Duann's access privileges after terminating her and disabled all administrator accounts to which she had had previous access. The fact that Duann still managed to access the company's servers just hours later, highlights how difficult it can sometimes be to stop insiders who plan to do harm.